
WHAT IS CLAIMED IS: 
11. A computer-implemented method for multi-level memory domain 

2 protection, comprising the steps of: 

3 establishing a domain process context having operating system code, 

4 executing at a first protection level, and domain code, executing at a second 

5 protection level; 

6 establishing a user process context having the operating system code, 

7 executing at the first protection level, and user code, executing at the second 
5 ^ protection level; and 

%n 9 protecting the domain code, executing at the second protection level, from 

n I 

NlO the user code, executing at the second protection level, by context switching 

y 'll between the user process context and the domain process context. 

s 

H 1 

Lj 1 2. The method of claim 1, wherein the domain code includes domain-to-user 

M 2 control transfer instructions, the method further comprising the step of 

3 transferring control to the user process context in response to the domain-to-user 

4 control transfer instructions. 

1 3. The method of claim 1, wherein the user code includes user-to-domain 

2 control transfer instructions, the method further comprising the step of 

3 transferring control to the domain process context in response to the user-to- 

4 domain control transfer instructions. 
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1 4. The method of claim 1, further comprising the steps of: 

2 executing a portion of the user code, in the user process, context, calling for 

3 execution of targeted domain code; 

4 branching to a target code-segment corresponding to the targeted domain 

5 code; 

6 executing linking-code in the target code-segment and entering the 

7 operating system code in the user process context; 

8 intra-group context switching from the user process context to the domain 
J3 9 process context; 

PlO branching from the operating system code in the domain process context to 

yll the targeted domain code; 

y i 

s 12 executing the targeted domain code; and 

h* ' 
M43 returning to the user code. 

M 

hi 

: ' : 

1 5. The method of claim 4, wherein, the step of returning further comprises the 

2 steps of: 

3 executing a portion of the operating system code, in the domain process 

4 context, calling for return to the user code in the user process context; 

5 intra-group context switching from the domain process context to the user 

6 process context; 

7 entering the target code-segment; 

8 executing the linking-code in the target code-segment to place the user code 

9 in a return state; 
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10 returning to the user code; and 

11 resume executing the user code. 

1 6. The method of claim 1, further comprising the steps of: 

2 executing a portion of the domain code, in the domain process context, 

3 calling for execution of targeted user code; 

4 branching to a target code-segment corresponding to the targeted user code; 

5 executing linking-code in the target code-segment and entering the 
3 6 operating system code in the domain process context; 

yi 7 intra-group context switching from the domain process context to the user 

S 8 process context; 

'w 

W 9 branching from the operating system code in the user process context to the 

y= 10 targeted user code; 

y 11 executing the targeted user code; and 

N= 12 returning to the domain code. 

1 7. The method of claim 6, wherein the step of returning further comprises the 

2 steps of: 

3 executing the operating system code, in the user process context, calling for 

4 return to the domain code in the domain process context; 

5 intra-group context switching from the user process context to the domain 

6 process context; 

7 entering the target code-segment; 
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8 executing the linking-code in the target code-segment to place the domain 

9 code in a return state; 

10 returning to the domain code; and 

11 resume executing the domain code. 

1 8. The method of claim 1, wherein the user process context further includes 

2 user data, the method further comprising the steps of: 

3 executing a portion of the domain code, in a domain process context, calling 
3 4 for a data access from targeted user code; 

. £^ 

y3 5 accessing the user data located in the targeted user code; and 

ru 

%; 6 resuming execution of the domain code. 

W 
CP 

C l 9. A computer-implemented method for multi-level memory domain 

W 2 protection, comprising the steps of: 

O 

M 3 creating a domain process context, having an operating system code 

4 executing within a first protection level, a domain code executing within a second 

5 protection level, and a user code residing within the second protection level; 

6 creating a user process context, having the operating system code executing 

7 within the first protection level, a non-executable reserved portion, and the user 

8 code executing within the second protection level; and 

9 protecting the domain code from the user code by locating the domain code 

10 in the non-executable reserved portion. 
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1 10. A computer-implemented method for multi-level memory domain 

2 protection, comprising the steps of: 

3 executing calling-code in a first process pair calling for execution of targeted 

4 code in a second process pair; 

5 branching to a call gate target code-segment in the calling-code 

6 corresponding to the targeted code; 

7 executing linking-code in the target code-segment and entering operating 

8 system code in the first process pair; 

O 9 inter-group context switching from the first process pair to the second 

Sio process pair; 

[=11 branching to and executing the targeted code; and 

ml2 executing second process pair to first process pair return code. 

s 

S . : 
I 

5 t 

^ 1 11. The method of claim 10, further comprising the steps of: 

I J I 

ITS? 

p 2 executing calling-code in the first process pair calling for access to target data 

a in the second process pair; 

4 branching to a call gate target code-segment in the calling-code 

5 corresponding to the target data; and 

6 branching to and accessing the target data. 

1 12. A system for multi-level memory domain protection, the system 

2 comprising: 
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3 means for establishing a domain process context having operating system 

4 code, executing at a first protection level, and a domain code, executing at a second 

5 protection level; 

6 means for establishing a user process context having the operating system 

7 code, executing at the first protection level, and a user code, executing at the second 

8 protection level; and 

9 means for protecting the domain code, executing at the second protection 
10 level, from the user code, executing at the second protection level, by context 

Oil switching between the user process context and the domain process context. 

if! 

Vi 1 13. The system of claim 12, wherein the domain code includes domain-to-user 

m 2 control transfer instructions, the system further comprising means for transferring 

U 3 control to the user process context in response to the domain-to-user control 

: a 
I 

4 transfer instructions. 

fa! 

D 

1 14. The system of claim 12, wherein the user code includes user-to-domain 

2 control transfer instructions, the system further comprising means for transferring 

3 control to the domain process context in response to the user-to-domain control 

4 transfer instructions. 

1 15. A system for multi-level memory domain protection^ the system 

2 comprising: 
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3 means for creating a domain process context, having an operating system 

4 code executing within a first protection level, a domain code executing within a 

5 second protection level, and a user code residing within the second protection 

6 level; 

7 means for creating a user process context, having the operating system code 

8 executing within the first protection level, a non-executable reserved portion, and 

9 the user code executing within the second protection level; and 

10 means for protecting the domain code from the user code by locating the 

=,11 domain code in the non-executable reserved portion. 
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1 3 ; 
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16. A computer-useable medium embodying computer-readable program code 

3 2 for causing a computer to perform multi-level memory domain protection by 

y s 

3 performing the steps of: 

4 establishing a domain process context having an operating system code, 
executing at a first protection level, and a domain code, executing at a second 

6 protection level; 

7 establishing a user process context having the operating system code, 

8 executing at the first protection level, and a user code, executing at the second 

9 protection level; and 
protecting the domain code, executing at the second protection level, from 

the user code, executing at the second protection level, by context switching 



10 
11 



12 between the user process context and the domain process context. 
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17. The computer-useable medium of claim 16, wherein the domain code 
includes domain-to-user control transfer instructions, further comprising the step 
of transferring control to the user process context in response to the domain-to- 
user control transfer instructions. 

18. The computer-useable medium of claim 16, wherein the user code includes 

2 user-to-domain control transfer instructions, further comprising the step of 

3 transferring control to the domain process context in response to the user-to- 

4 domain control transfer instructions. 

1 19. A computer-useable medium embodying computer-readable program code 

2 for causing a computer to perform multi-level memory domain protection by 

3 performing the steps of: 

4 creating a domain process context, having an operating system code 

5 executing within a first protection level, a domain code executing within a second 

6 protection level, and a user code residing within the second protection level; 

7 creating a user process context, having the operating system code executing 

8 within the first protection level, a non-executable reserved portion, and the user 

9 code executing within the second protection level; and 
protecting the domain code from the user code by locating the domain code 



10 



11 in 



the non-executable reserved portion. 
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1 20. A system for multi-level memory domain protection, the system 

2 comprising: 

3 a user process, for executing operating system code at a first protection level 

4 and for executing user code at a second protection level; 

5 a domain process, for executing the operating system code at the first 

6 protection level, for executing domain code at the second protection level; and 

7 a intra-group context switch, for switching between the user process and the 

8 domain process. 

D 

5 

y3 1 21. The system of claim 20, wherein the user code includes user-to-domain 

yj 

fU 2 control transfer instructions, the system further comprising a user call gate, 

%j 

% 3 coupled to the user process and the domain process, the user call gate for storing 
L, 4 • user-to-domain control transfer instructions. 

: g \ 

Q 1 22. The system of claim 20, wherein the domain code includes domain-to-user 

2 control transfer instructions, the system further comprising a domain call gate, 

3 coupled to the user process and the domain process, the domain call gate for 

4 storing the domain-to-user control transfer instructions. 

1 23. The system of claim 20 further comprising: 

2 a second user process, for executing the operating system code at the first 

3 protection level and for executing second user code at the second protection level; 



38 



4 a second domain process, for executing the operating system code at the first 

5 protection level, for executing second domain code at the second protection level; 

6 and 

7 a inter-group context switch, for switching from the domain process to the 

8 second domain process and from the domain process to the second user process. 

1 24. The system of claim 21 wherein the user call gate comprises a target code- 

2 segment for storing user-to-domain control transfer instructions which transfer 

3 control to a specific location in the domain code. 



Si 1 25. The system of claim 24 wherein the target code-segment comprises: 

^2 an address, corresponding to the specific location in the domain code; 

ff 3 arguments to be passed from the user process to the domain process; and 

Mi 

4 a data type description of the arguments. 



1 26. The system of claim 24 wherein the target code-segment comprises linking- 

2 code, for handling how the user-to-domain control transfer instructions are 

3 executed. 

1 27. The system of claim 24 wherein the target code-segment comprises a calling- 

2 code return state, for storing a current state of the user process prior to when one 

3 of the user-to-domain instructions is executed. 
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